CVE-2020-1748

HIGH7.5EPSS 0.31%

Incorrect Authorization in WildFly Elytron

Published: 2/15/2022Modified: 2/19/2024

Description

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

Affected packages (1)

Maven/org.wildfly.security:wildfly-elytronfrom 0, < 1.6.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-1748
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1807707
WEBhttps://security.netapp.com/advisory/ntap-20201001-0005